
My parents' computer managed to get the Antivirus 2009 virus on it. I've encountered it before, and restoring the system back to a previous date seemed to get rid of it. I say seemed because I'm not sure.

Are there any other forum goers here that can confirm if a system restore will get rid of it? I also got them to run an avast virus scan, from which I'm yet to hear the results.

God will see you true for all this you have done to me you bastard. - Collins Kalu
MAY THE HAND THAT TYPE ON KEYBORD BECOME STRICKEN AND TRANSMIT VIRUS TO YOU ENTIRE BODY. - Dr Linda Akeem
oh what a mess its time cabbage punks like u will be expose for trully what they are. - David Cole

Akai Ryu
Chuck Norris

Joined: 11 Jun 2007
Posts: 1369

Posted: Tue Dec 09, 2008 2:02 pm

You can't really remove something like this with something like system restore. If you go to Castle Cops or Bleeping Computer or similar fora, they'll tell you the same thing.

Joined: 23 Sep 2004
Posts: 825
Location: best beer country in onomatopoeia world

Posted: Tue Dec 09, 2008 3:24 pm

I think you should put some "parental control" on your parents' computer...

Quote:

What is Antivirus 2009? (Run SpyHunter's malware scanner to check for Antivirus 2009)

Antivirus 2009, also known as Antivirus2009, is a rogue anti-spyware program that uses false spyware results to lure you to purchase its full version. Antivirus2009 is an updated version of Antivirus 2008. Other Antivirus 2009 aliases that have recently appeared on the Web are: XP Antivirus 2008, Vista Antivirus 2008, Ultimate Antivirus 2008 and System Antivirus 2008.

Antivirus 2009 is usually promoted via a ZLOB/MediaAccess Codec installer found on adult websites. Zlob has been the trojan of choice to infect users with pop ups disguised as system notifications that lead to websites with rogue anti-spyware programs. You can also install Antivirus 2009 manually on the rogue website antivirus-scanner.com. Antivirus 2009 may use its system scanner to display false positives which work as an incentive to make unsuspecting users purchase Antivirus 2009's commercial version.

First, download MalwareBytes. If you can't download, use a friend's computer to download the installer to a disk, thumb drive or external hard drive. I downloaded mine from Download.com. Once you have it on a disk or other removable storage device, rename the installer file and then transfer it to your desktop.

Run the installer and if it doesn't launch the program, don't worry. Right click on the shortcut icon that it put on your desktop or in the quicklaunch bar if you use one, then click "properties". There, you will see "find target". Click the "find target" and you'll open the folder with "mbam.exe" in it. All you have to do is rename that file to anything you like and then launch it by double clicking it.

When the program launches, don't bother updating, just run a quick scan, not a full system scan; you can do that later. Remove the crap that it finds and reboot as it will suggest. On reboot it will finish removing any crap that's left. You may get a message that Windows needs to restore files. I ignored this because I didn't have an actual Operating System disk. I simply rebooted and everything came up fine with no issues. (Try that at your own risk, I had no choice.)

Once you're booted up again, launch MalwareBytes again and this time run the update. When it's updated, scan again and remove any remaining crud again. When that's done, run it one more time just to be sure. Antivirus 2009 should be eliminated from your system. You can run a full system scan if you want to.

Another thing, if you already have MalwareBytes on your PC and it won't launch like mine wouldn't, first try renaming the executable and then launch and scan. If that doesn't work, then you may need to remove the old version of MalwareBytes and install from another source as I mentioned above. It doesn't usually hurt to try the most simple things first.

_________________I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up

Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
- 18 mths: Louis

It is also helpful to turn off System Restore before running any virus removal program, then once the system is clean, reboot, and turn on System Restore again. This clears all the previous restore points, and lets you set a clean point.

System Restore can hold pieces of virus and other nasties that re-infect your computer.

I just went through this at the nonprofit I work at. Not only did a computer there get infected, but the slimeballs hacked our website so that it would redirect to the antivirus 2009 website whenever someone tried to enter our site from a search engine. (It would load normally if you typed in the address, making the changes much harder to detect). Took me close to a month to figure out why our online Frontpage forms kept crashing. In this case the hacked site was not due to infection on my computer, they went through a vulnerability in our webhost's servers and modified the .htaccess files on numerous websites, but I learned while figuring out what was going on that keylogging is being used for the same purpose.

So, if your parents have any kind of a website (maybe not likely, but I have been amazed at the number of people who unexpectedly do), you also need to check it to verify it hasn't been messed with.

Malwarebytes does a great job of identification and removal and is definitely your first step. I also found that running Kaspersky's online scanner after cleaning with malwarebytes picked up a few more files, which I manually deleted.

ETA: My nonprofit is a humane society, and the majority of hacked sites (when cleaning this mess up, I was told approx 79,000 sites have now been modified to redirect to AV 2009) are completely innocent and child-safe (no porn, no gambling), so at this point you can't assume that infection is related to visiting malicious sites, or that staying away from "adult" sites will keep you safe.

_________________"I've a feeling we're not in Kansas any more..."
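An added example, not part of the original post: the post above describes .htaccess files modified so that only visitors arriving from a search engine are redirected. Assuming the redirect was written as mod_rewrite conditions on the Referer header (the post does not say how it was done), this Python check flags rewrite rules guarded by a Referer condition that send visitors to a host the site owner does not control. The sample file and all host names are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample, not taken from the incident described in the post.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*(google|yahoo|msn|aol)\\. [NC]
RewriteRule ^(.*)$ http://rogue-scanner.example.invalid/scan [R=302,L]
RewriteCond %{HTTP_HOST} ^shelter.example$ [NC]
RewriteRule ^(.*)$ http://www.shelter.example/$1 [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)


def find_referer_redirects(text, own_hosts):
    """Return (line_no, target_host) for each RewriteRule that is guarded by
    a Referer condition and points at a host not listed in own_hosts."""
    findings = []
    referer_guard = False  # True once a pending RewriteCond tests the Referer
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comments
        cond = COND.match(line)
        if cond:
            if "HTTP_REFERER" in cond.group(1).upper():
                referer_guard = True
            continue
        rule = RULE.match(line)
        if rule:
            # Relative substitutions have no hostname and are ignored.
            host = (urlparse(rule.group(2)).hostname or "").lower()
            if referer_guard and host and host not in own_hosts:
                findings.append((line_no, host))
            referer_guard = False  # conditions apply only to the next rule
    return findings


if __name__ == "__main__":
    mine = {"shelter.example", "www.shelter.example"}
    for line_no, host in find_referer_redirects(SAMPLE_HTACCESS, mine):
        print(f"line {line_no}: referer-conditional redirect to {host}")
```

Run it over every .htaccess file in the web root, including subdirectories, and compare the files against a known-good backup; a redirect keyed on something other than the Referer header is not caught by this check.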

MasterRahl245
Hello I'm New here!

Joined: 09 Dec 2008
Posts: 1
Location: The Wrong Side Of The Tracks

Posted: Tue Dec 09, 2008 8:15 pm

I work in PC repair and I've run into that virus a few times.

Two programs I've found that are top-notch at removing viruses and other nasties are Malwarebytes Anti-Malware and SuperAntiSpyware.
